Many people confuse data privacy and data security. While there are similarities, privacy and security are not the same thing. Data security focuses on the confidentiality, integrity and availability of information and information technology resources, whereas data privacy is about an individual’s ability to retain control over his or her personally identifiable information (PII).

Last year for Data Privacy Day, I wrote about the types of privacy information, and the many ways in which new technologies (such as data analytics) threaten our privacy. This year, I am providing some tips for individuals, and some things for businesses to consider in regard to data privacy.

Privacy Tips

As individuals, we should ensure we are responsible “digital citizens” when using the Internet. Part of this responsibility includes understanding how to configure and manage the privacy settings for the Internet services that we use. This includes social networking services like Facebook and Twitter. Social networking services tend to change their privacy options frequently, so it is important to ensure you understand how you have configured the privacy settings for the social networking services you use. Facebook, for example, has recently introduced a powerful new search feature called Facebook Graph Search. This new feature will improve the ability to search and find information; however, it can increase the likelihood that other people can find your information through the search if your privacy settings aren’t set correctly. You must be sure your privacy settings are properly configured so that your personal information (posts, photos, likes, etc.) doesn’t end up as a search result for someone you don’t wish to have access to your data. The Electronic Frontier Foundation (EFF) has an informative article about how to protect your Facebook privacy from the new Graph Search.

In addition to social networking, many of us are now using applications on our smart phones and tablets. Some of these applications are able to access privacy data from the device on which they run. One example of this is “location settings” for applications. The ability to have the application know your location can improve the application’s functionality and ease of use, but it can also put your privacy at risk. Many devices have the capability to restrict an application’s ability to determine the user’s geographical location (also known as “geolocation”). Mobile devices often use a built-in GPS along with wireless hotspot proximity to determine location. You should carefully consider sharing geolocation information with applications, especially on devices used by minors. Decide which applications should have access to location services and disable access for all others. Does the game app you’re playing really need to know where you’re physically located? Think about it.

Geolocation privacy concerns are not limited to apps though, as most smart phones include built-in cameras that have the ability to include geolocation metadata in each digital photograph captured by the device. Unless you disable the location awareness setting for the phone’s camera, every photo you take and share will contain geolocation metadata that can be examined by anyone with whom you share the photo.

With the explosive growth in the number of applications available, it shouldn’t be surprising that some of them have been discovered to have software defects that have unintended consequences in regard to privacy. Here is a case in point: a recent popular mobile application, “Crazy Blind Date”, coordinates blind dates (“Pick a time, pick a place, we find you a blind date”) and claims to keep your personal contact information, such as your phone number and email address, confidential. However, the Wall Street Journal discovered that due to a programming mistake, technically-inclined users of the service were able to access the profile information of other users (including birth date and email address). The developer of the application, OKCupid.com, promptly fixed the problem after being informed by the Wall Street Journal.

It is important to be aware that applications may have access to your privacy information, and that there is potential for unintentional disclosure of this information, either as a result of software defects, or improper configurations.

For individuals, the key points in regard to electronic data privacy are:

Understand the services and devices you’re using to make certain you know how your privacy data is, or isn’t, being shared electronically.

Take time to review the settings for the Internet services and devices you and your family members use.

Think about what information you are comfortable sharing, and the impact of the improper disclosure of the information you’ve shared.

Businesses and Data Privacy

Data privacy is not just a concern for individuals. Businesses must be aware of, and comply with, privacy laws. They must know what privacy data they collect from their customers, partners, suppliers and employees. They must have plans in place to manage and protect the privacy data. Organizations that use Internet technologies should have a data privacy policy, in which they explain what information they collect and how they will use it. Organizations that collect, process and store privacy information must ensure that their employees are properly trained to understand and comply with the organization’s privacy policies.

Resources

For more information about Data Privacy Day 2013, and for additional tips/suggestions to help protect your privacy, please visit the National Cyber Security Alliance. You can also learn more about how to configure privacy settings directly from the social networking sites below: